172489 matches found
Astra Linux – Vulnerability in giflib
Before February 16, 2019, a malformed GIF file would trigger a divide-by-zero exception in the decoder function DGifSlurp in dgiflib.c, especially when the height field of the ImageSize data structure was equal to zero...
Astra Linux – Vulnerability in libxpm
A vulnerability was discovered in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system...
Astra Linux – Vulnerability in libvpx
There is a heap overflow vulnerability in libvpx. Encoding a frame with dimensions larger than the originally configured size using VP9 may lead to a heap overflow in libvpx. We recommend upgrading to version 1.13.1 or higher...
Astra Linux – Vulnerability in exiv2
In Exiv2 through 0.27.1, a vulnerability in CiffDirectory::readDirectory allows for integer overflow and out-of-bounds reads. This vulnerability enables an attacker to cause a denial of service SIGSEGV by using a crafted CRW image file...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: libceph: The calctarget function should set t-paused, rather than simply clearing it. Currently, calctarget clears t-paused if the request should no longer be paused. However, it never sets t-paused, even though it can determine...
Astra Linux – Vulnerability in node-ini
This affects the package ini before version 1.3.6. If an attacker submits a malicious INI file to an application that parses it using ini.parse, they will corrupt the prototype within the application. This can be further exploited depending on the context...
Astra Linux – Vulnerability in pillow
In version 9.0.1, Pillow allows attackers to delete files because spaces in temporary pathnames are mishandled...
Astra Linux – Vulnerability in libssh
A vulnerability was discovered in libssh, where an uninitialized variable exists under certain conditions within the privatekeyfromfile function. This flaw can be exploited if the file specified by the filename does not exist, and it may lead to potential signing failures or heap corruption...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in Heimdal
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial-of-service vulnerability in Heimdal’s PKI certificate validation library. This vulnerability affects the KDC via PKINIT and kinit via PKINIT, as well as any third-party applications...
Astra Linux – Vulnerability in exempi
The XMP Toolkit SDK version 2021.07 and earlier is affected by a stack-based buffer overflow vulnerability that may lead to arbitrary code execution within the context of the current user. Exploitation requires user interaction—that is, the victim must open a specially crafted file...
Astra Linux – Vulnerability in Heimdal, Samba
A heap-based buffer overflow vulnerability was discovered in Samba, specifically within the GSSAPI unwrapdes and unwrapdes3 routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow for a length-limited write buffer overflow on memory allocated by malloc,...
Astra Linux – Vulnerability in Thunderbird
An outdated graphics library Angle likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird 78.9 and Firefox ESR 78.9...
Astra Linux – Vulnerability in Python 3.11, Python 3.7
When loading a plist file, the plistlib module reads data in a size specified by the file itself. This means that a malicious file can cause out-of-memory OOM and denial-of-service DoS issues...
Astra Linux – Vulnerability in Golang-1.15
In Go versions before 1.14.14 and 1.15.x, as well as before 1.15.7, the crypto/elliptic/p224.go file may generate incorrect outputs due to a underflow of the lowest limb during the final complete reduction of the P-224 field...
Astra Linux – Vulnerability in glibc
The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library also known as glibc from versions up to 2.34 copies its hostname argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the...
Astra Linux – Vulnerability in libuv1
libuv is a multi-platform support library that focuses on asynchronous I/O operations. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to generat...
Astra Linux – Vulnerability in liblivemedia
In liveMedia/FramedSource.cpp within Live555, up to version 1.08, an assertion failure can occur, leading to an application exit through multiple SETUP and PLAY commands...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the putweightedpredavg16fallback function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: libbpf: Use of the OPTSSET macro in bpfxdpquery When the featureFlags and xdpzcmaxsegs fields were added to the libbpf bpfxdpQueryOpts structure, the code that wrote these fields did not use the OPTSSET macro. This causes libbpf ...